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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )KI Responsive to communication(s) filed on 10 March 2010 . 
2a )^ This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-3 and 5-37 is/are pending in the application. 

4a) Of the above claim(s) 12-37 is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) D Claim(s) 1-3 and 5-11 is/are rejected. 

7) 0 Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) Q The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
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application from the International Bureau (PCT Rule 17.2(a)). 
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1 . This action is responsive to Applicants' amendments received 10 March 2010. 

2. This action has been assigned paper number 20 1 00605 for reference purposes only. 

3. Claims 1-3 and 5-37 are pending. 

4. Claims 1-3 and 5-11 have been examined. 



5. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

6. Claims 1-3 and 5-11 are rejected under 35 U.S.C. § 103(a) as being unpatentable over 
Ziegler (US 2004/0044739) in view of Douceur (US 2004/0060042) further in view of 
Tochikubo (US 7,096,357). 

7. As to claims 1, 3, 6-9, and 11, Ziegler shows: 

a. A fraud detection system for detecting fraudulent transactions, comprising: 

b. an interface 102 for inputting transaction data (via keyboard 108 and mouse 110) 
and outputting analysis results (on monitor 104); and 

c. a tamper-resistant ("tamper proof server," [0112]) secure data processing unit 
(SDPU) 124, wherein the SDPU includes: 



Claim Rejections - 35 USC §103 
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d. a security system (HSM) that can restrict access to data and program execution 
[0232]; 

e. an analysis system for analyzing inputted transactions [0006]; 

f. a plurality of surveillance algorithms ("several securing functions," [0054] 
wherein the plurality of surveillance algorithms make a determination regarding a 
probability that inputted transactions are fraudulent ("if fraud is detected," Id.) 

8. Zeigler does not expressly show: 

g. a selection program for selecting at each of a sequence of random times a 
different surveillance algorithm to be used by the analysis system; 

h. the selection program utilizes a random selection program for selecting 
surveillance algorithms; 

i. measuring a randomness of the algorithm selection process using a technique 
selected from the group consisting of correlation and entropy measures; and 

j. issuing an alert is the randomness goes under a predetermined threshold; 
k. the surveillance algorithms are stored in an encrypted database; and 
1. the further step of decrypting the selected surveillance algorithm.. 

9. However, Douceur shows random selection [0050] with a predefined correlation 
coefficient ("rho," [0067]) and the calculation of the correlation coefficient from already 
generated random values [0074]. Therefore, it would have been obvious to one of ordinary skill 
in the art at the time of the invention to have modified the teachings of Ziegler to add the 
calculations and selection method of Douceur so that a comparison of the predefined rho and the 
calculated rho would trigger an alert as taught by Ziegler if the difference exceeded a threshold. 
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The random selection of algorithms would allow for a more secure system through the use 
differing algorithms but with efficiency near that of just using one algorithm because only one is 
in use at a time. The alert would allow for a notice that the system is not operating properly or 
has become too predictable. If the system becomes predictable, the added security of the rotating 
algorithms is diminished. 

10. The Zeigler/Douceur combination does not expressly show: 

m. the surveillance algorithms are stored in an encrypted database; and 
n. the further step of decrypting the selected surveillance algorithm.. 

11. However, Tochikubo teaches an encrypted storage 13 of algorithms (C 4, LL 40-44) 
which requires that the algorithms be decrypted before use. Therefore, it would have been 
obvious to one of ordinary skill in the art at the time of the invention to have further modified the 
teachings of Zeigler to store the securing functions in an encrypted database and decrypt them 
before use in order to ensure that the algorithms cannot be tampered with. 

12. As to claim 2, Zeigler further shows: 

o. the SDPU further includes an algorithm performance system 1102 that assists the 
selection program in selecting surveillance algorithms [0062]. 



13. 



As to claim 5, Zeigler further shows: 

p. the security system includes an encryption system for encrypting and decrypting 
data [0038]. 
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14. As to claim 10, Zeigler further shows: 

q. the SDPU prevents observation by an outside observer of which surveillance 
algorithm is selected (observation of the execution of the software would be an 
unauthorized access [0232]). 

Response to Arguments 

15. Applicant's arguments filed 10 March 2010 have been fully considered but they are not 
persuasive. 

16. Applicants argue : 

17. "Applicants assert, that Zeigler never teaches or suggests a plurality of surveillance 
algorithm for detecting fraud" (Remarks, Page 11, partial paragraph). 

18. Examiner's response : 

19. The Examiner notes that "a plurality of surveillance algorithm for detecting fraud" is not 
claimed. It is the Examiner's position that Applicants are referring to the limitation "a plurality 
of surveillance algorithms stored in an encrypted database wherein the plurality of surveillance 
algorithms make a determination regarding a probability that inputted transactions are 
fraudulent" in claim 1 . 

20. Applicants state that Zeigler shows software that performs the functions of "generat[ing] 
a digital signal," "authenticat[ing] the terminal," "unloading] itself if fraud is detected," and 
"force an[] upgrade," and "validate itself." Clearly "unloading itself if fraud is detected" is 
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something the software contains an algorithm for if determines it needs to, when the probability 
of fraud is 100 percent. Authenticating the terminal and validating itself are additional 
algorithms that that would be run to help determine if there is a probability of fraud. If the 
terminal does not authenticate, there is a higher probability of fraud. Similarly, if the software 
cannot be validated, it has been corrupted or tampered with, which would result in incorrect or 
fraudulent transactions. 

21. Applicants argue : 

22. "Douceur does not teach "a selection program for selecting at each of a sequence of 
random times a different surveillance algorithm to be used by the analysis system." Thus, the 
combination of Douceur and Zeigler do not render the present invention obvious" (Remarks, 
Page 12, partial paragraph). 

23. Examiner's response : 

24. The Examiner set forth that "[t]he random selection of algorithms would allow for a more 
secure system through the use differing algorithms but with efficiency near that of just using one 
algorithm because only one is in use at a time. The alert would allow for a notice that the system 
is not operating properly or has become too predictable. If the system becomes predictable, the 
added security of the rotating algorithms is diminished." Applicants have not challenged the 
factual basis of this reasoning. Therefore, the Examiner's position is that one of ordinary skill in 
the art would understand the need or desire to have the randomly selected algorithms and thus, 
would search out pre-existing software to implement it. Douceur has already created software 
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for random selection. Therefore, it would be obvious to create a selection program for selecting 
random algorithms based on the software for selecting random layouts. Thus, the limitation of 
"a selection program for selecting at each of a sequence of random times a different surveillance 
algorithm to be used by the analysis system" is found in the combination of the references, not 
solely in Douceur. 

25. Applicants argue : 

26. 'Applicants do not acquiesce in the correctness of the rejections and reserves the right to 
present specific arguments regarding any rejected claims not specifically addressed" (Remarks, 
Page 10, Paragraph 1). 

27. Examiner's response : 

28. Applicants are reminded of their duty under 37 C.F.R. 1 . 1 1 1 (b) to point out the supposed 
errors in the Examiner's action. Applicants' statement suggests that there may be specific 
arguments that have not been presented. If Applicant continues to make statements of this 
nature, the responses containing such statements will be deemed non bona fide. 



Conclusion 

29. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 



Application/Control Number: 10/690,778 
Art Unit: 3621 



Page 8 
Paper -20100605 



30. A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 

CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

3 1 . Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to JOSHUA MURDOUGH whose telephone number is (571)270- 
3270. The Examiner can normally be reached on Monday - Thursday, 7:00 a.m. - 5:00 p.m. 

32. If attempts to reach the Examiner by telephone are unsuccessful, the Examiner's 
supervisor, Andrew Fischer can be reached on (571) 272-6779. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

33. Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 



Application/Control Number: 10/690,778 
Art Unit: 3621 



Page 9 
Paper -20100605 



like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Joshua Murdough 
Examiner, Art Unit 3621 

/ANDREW J. FISCHER/ 

Supervisory Patent Examiner, Art Unit 3621 



